Configure Active Directory Auth for Azure files to use for Azure Fileshares and WVD

The article is currently being revised and in the next two weeks some improvements will be integrated.

In the past I had a lot of talks about Azure File Sync, a lightwight solutions to sync servers from different locations and branches via Azure Files. One often questions was, it is possible to use Azure Files directly with the integrated Active Directory authentication – The great answer since a few days is Yes, this is possible.

Now you can use Azure Files with On-Prem Active Directory authentication as a fully replacement for Fileservers. No need for Azure Active Directory Domain Services (Azure AD ADDS) or different settings on Azure Files. This gives great new ways to using Azure Files for Fileshares and to use Azure Files directly for WVD and coming closer to a cloud native solution or to a fully replacement for On-Prem Fileserver.

In this article I will explain how to configure AD authentication for Azure Files and list information about region availability some basic steps and more. Please feel free to use the comment section or Twitter to get in touch with me and gives me feedback about the article and the solution.

Recommendations

Use separate Storage Accounts for Azure Fileshare AD authentication

Create an own OU for Azure Fileshare AD authentication

For best practice it is useful to use separate Storage Accounts for Azure File AD authentication, because with activation the Fileshare will be a member of the the domain (this means in general the Storage Account join the domain).

Each Domain uses GPO to enable settings for each OU in the Domain. To avoid issues for Storage Accounts that will be member of the Domain, I recommend to create and use an separate OU for the Storage Accounts.

Preparation

To use Azure Files with integrated SMB authentication, there are additional Powershell modules needed. This module are available for download at Azure Samples GitHub Page. Please use the latest one.

Domain with separate OU for Azure fileshares

For a better management and separation, create a new OU for Storage Accounts.

Enable Azure Files for AD authentication

To enable Azure Files for AD authentication there are some steps needed.

Unzip the downloadad Zip Archiv AzFilesHybrid.zip

[Optional] Create an OU for the Storage Accounts

Create a (separate) Storage Account in Azure

Create a Azure file share in the Storage Account

Start a evalated PowerShell Session with rights to create computer and service accounts in the domain on a domain member client

The #AzureWeek webinar week starts today. Each day a hourly webinar about different #Azure topics with a great lineup. Take a look at the agenda and my session on friday 👇
https://www.reimling.eu/2020/05/speaking-at-the-espc-azureweek-about-azure-policy-with-azure-security-center/